Step by Step Guidelines for Handling a Cyberattack at a Medical Facility

The four most important things a medical institution needs to do in the event of a hack

Unfortunately, cyber attacks on healthcare facilities are all too common. Such attacks grew by an astounding 63% in the last year and will most likely continue to grow as hackers target clinics, hospitals and other public and private healthcare facilities with ransomware, phishing attacks, malware and outright hacking. Given these facts, it is important to be aware of the following step by step guidelines for handling a cyber attack. This guidance is provided by the Department of Health and Human Services and applies to any medical institution.

Respond

Every single medical institution needs to have a plan for how to respond to a cyber attack. Employees who suspect an attack need to know who to contact about their concerns, be it a supervisor, the hospital’s IT department or an outside third party. Those who are responsible for handling the aftermath of an attack need to know what to do with patient data and other sensitive information. They also need the authority to take drastic action to prevent or limit a breach of data.
The type of plan your medical institution develops will naturally depend on a number of factors. {company} has the experience and expertise needed to handle cyber attacks, but we would need to sign a HIPAA-compliant business associate agreement with your firm before we can begin work on your systems. Those who run a large medical institution may want to have a full-time IT specialist or department tasked with not only responding to attacks but also preventing them.
It should be noted that a plan to respond to ransomware must be different than a plan for managing the aftermath of another type of cyber attack. Ransomware takes your computer system hostage and won’t allow you to see any data until you have paid a ransom. A plan for such an event will need to include not only disabling shared drives and disconnecting the affected computer from the network but also shutting down certain departments if up-to-date patient data is not stored on a backup device.


Contact Law Enforcement

Contact law enforcement agencies as soon as you discover a cyber attack on your computer system. Get in touch with the FBI, Secret Service, and your local police department and tell them what you know about the cyber attack. Don’t worry if you haven’t completely assessed your systems to discover the extent of the attack; that comes later on. The most important thing to do at this stage is to report the attack without divulging patient information.
Be aware that your next steps will depend on how law enforcement officials advise you to proceed. In some instances, one or more law enforcement departments may ask you to hold off on reporting the breach in order to avoid impeding an ongoing investigation or jeopardizing national security. If such a request is made in writing, it will clearly state how long you should wait before reporting the breach. Oral requests must be honored within 30 days after they have been made.


Reporting the Threat

After reporting the incident to law enforcement officials, you will need to report the cyber attack to federal and information sharing and analysis organizations, the Department of Homeland Security and the HHS Assistant Secretary for Preparedness and Response. Once again, all patient information should be kept private in accordance with HIPAA guidelines.


Assess the Breach

The final step is to assess the nature of the breach. If fewer than 500 patient records have been compromised, you will need to contact the affected individuals to let them know their information has been breached. If more than 500 patient records have been compromised, you will need to report the cyber attack to the HHS’ Office of Civil Rights Department, tell the media about the breach and contact all those who were affected by the incident. You must get in touch with patients whose records were breached no later than 60 days after the breach has been discovered.
Some criminals behind ransomware attacks threaten to publish stolen data instead of simply deleting it. Such a situation can pose a serious legal dilemma for hospitals that are tasked with keeping patient information secure but at the same time are advised by the FBI to avoid paying a ransom. In such a case, it may be wise to seek immediate legal help in addition to taking the steps outlined above.


In Summary

Have plans in place for dealing with a cyber attack or potential cyber attack. Every single employee who has access to your computer systems should know what to do if such an attack takes place. A good plan can limit the exposure of sensitive data or even stop an attack in its tracks.
The next step is to notify law enforcement officials, the DHS and the HHS Assistant Secretary for Preparedness and Response. Finally, you will need to examine your computer systems and data carefully to determine how many patient records have been breached. If you know or even suspect that more than five hundred records are at risk, immediately notify the affected individuals, the media and the OCR.

Naturally, it is far better to do everything possible to prevent cyber attacks instead of having to deal with the aftermath.

At {company}, we specialize in helping medical facilities create secure data storage solutions to protect valuable patient and employee data. We create personalized solutions for each medical facility and can even help you draw up an effective response plan should cyber criminals attempt to steal your data. Feel free to get in touch with us at {email} or {phone} in order to find out more about how we can help you prevent serious attacks that would cause legal problems, loss of data or even the temporary shutdown of services due to lack of data access.

How Technology Has Transformed Canada 150 Years since its Inception

July 1, 2017 will mark 150 years since Confederation in Canada.
Since that time, a lot has happened, especially in regards to the business environment. Today, it is undoubtedly much easier to do business than it was 150 years ago, thanks in part to technology. I would like to explore some of the ways in which technology has played a role in transforming the business environment in Canada.
1. It Has Led to Improved Efficiency.
The modern business workplace in Canada has undergone a major shift in how workers spend their time. Today, businesses are better able to manage time and the effort required to achieve tasks has been lessened. For instance, if a business in Canada needed to create a thousand pamphlets for its business, they would have had to hire someone to type all of them. The printing machine has lessened that process into just a few minutes work.
Since such tasks now take a little time, it has allowed business to concentrate on other tasks. Additionally, the level of expectation from clients has changed because of technology. They now expect more in much less time from a business.
2. It Has Led to More Collaboration among Employees.
Technology allows employees within the organization to communicate at a level not possible 150 years back. Today, employees can connect to any of their fellow employees at any time of the night or day by pressing a few buttons. With increased collaboration, it allows projects to proceed flawlessly no matter how far away individuals are from each other.
3. Better Cost Management.
The aim of all businesses is to become profitable. To do that, they will need to cut down costs of running the business. When a business uses modern technology, it is able to cut down on the cost of doing business.
When a business makes use of modern software and technology to do business, it is able to keep better track of its finances, for instance. Since employees optimize their time at the office with technology, less time is wasted and more time is used to make money. By reducing costs and increasing productivity, the business is able to become quite profitable.
4. Better Security for Business Data.
The security of a business’s data is important to its success. 150 years ago, businesses had no choice but to store it in a large room protected by nothing but a padlock. However, today, technological innovation has made it easier to store data. For instance, companies can transmit their data to an offsite location where access is limited. The technology of today has made it almost impossible for individuals to access information unless they have authorization.
5. The Use of the Cloud.
Cloud technology has had one of the biggest impacts on how businesses handle digital data in Canada. Today, even a small company can afford to make use of server services without having to invest in the physical infrastructure. The cloud also allows companies to access software that would have otherwise driven them out of business. In short, the cloud is making it possible for small businesses to compete with big businesses, thanks to the availability of affordable resources.
6. Businesses Can Now Afford Advertising.
A while back, only the huge companies could afford to post an ad on television. Other small businesses had to rely on word of mouth and a few posters around the town. However, the internet has changed all that. Today, companies can spend a few hundred dollars and grow awareness about their business to tens of thousands. In the last few years since the inception of Canada, this was unheard of. Only the big companies could afford to splash dollars for advertising.
7. Business Owners Can Work Anywhere.
One good thing about technology is that it allows business owners to keep track of their business even when they are far away. In the past, when a business owner traveled, he or she had to find someone trustworthy to manage the business. Modern technology allows a business owner to have peace of mind even when they are halfway around the world. In short, a person on the eastern edge of Canada can comfortably manage a business in the western end, using a computer.
8. It Allows For Better Customer Segmentation.
With businesses having so much access to data, it has made it easy for them to understand what the customers want. This is a luxury that Canadian businesses did not have 150 years ago. Besides that, there are many tools on offer for analyzing customer data.
With these tools, you can segment your customers in a way that allows you to sell only certain products to certain people. Besides that, it allows you to avoid spending ad dollars on unresponsive customers. The result is that you can convert better than you could ever have imagined in your entire life.
9. You Can Now Interact with Customers.
Thanks to the rise of social media, businesses are able to have a personal interaction with all their customers. A while back, you could only post an ad and hope that enough of your customers see it. However, today you can actually read their responses on social media to determine if they like the product.
Today, a business cannot ignore the power of social media. A single rant on a site like Yelp could go viral. The result will be that a business’ credibility could be damaged forever. This is one of the dangers of modern technology. If the business does not stay on top of things, they could be swept away by falsehoods that spread quite fast on the internet.
Technology is here to Stay.
Despite what you may think about technology, it is here to stay. The businesses that survive the next 150 years in Canada are the ones that will survive as history has shown. Those that fail to adopt it will find themselves being left behind, unable to catch up. It is thus important to conduct research often to keep abreast of the latest developments in technology and their implication on how you do business.

Amazon’s New Deal Will Change Your Food Buying Experience Forever

Amazon has decided to dabble in the grocery industry with its purchase of Whole Foods.

For those in the groceries business, Amazon is about to become your biggest worry. Amazon.com recently purchased Whole Foods in a deal worth $13.7 billion. This has essentially made amazon.com one of the most important players in the grocery market of America. The deal will have major implications for shoppers, retailers, and other players in this sector.
The Grocery Industry Is Teetering on the Edge.

The takeover of the grocery industry by Amazon is expected to be quite easy. The industry is already surviving on thin profit margins. This move could be the final blow for weak players in the grocery sector. For the other main players such as Walmart and Kroger, it could cut into their market share significantly. For companies that deliver groceries such as Peapod and Fresh Direct and ready to cook recipes and ingredients such as Sun Basket, it could undermine their ability to continue operating. Once Amazon joins the sector, they are only limited by their imagination. With a retail presence of over 400 stores, they can bring a lot of pressure in the industry.
This Deal Might Be Amazon Entering the Retail Market.

For years, Amazon has been expanding its areas of business and introducing efficiency and ease of shopping. They have managed to bring almost every product imaginable to shoppers’ front doors. The value that the company has been able to offer shoppers has slowly led to the demise of many small shops and even big names.
The retail industry has collapsed under the pressure of Amazon’s efficiency. Renowned brands such as J.C. Penney and Sears have had to close hundreds of stores. Even some of the major malls have had to file for bankruptcy protection. With Amazon getting into groceries, grocers could be facing the same fate.

Amazon has caused a flurry of mergers and acquisitions as companies seek to scale up to have a fighting chance against Amazon.com. In some cases, Amazon has been the one doing the acquiring. Most experts in the industry do not think this will be the last of Amazon’s purchases. They realize that although online retailing is growing, brick and mortar retailing still has a place in the retailing industry.
One area of competition that is still open is in data crunching. Amazon has really excelled in this area, especially in determining what the Millennial generation wants. The food store industry has not really been acquiring customer data or analyzing it. That is where Amazon has an advantage. They are able to capture what customers have bought in the past and make suggestions for new purchases. With Amazon being so efficient at data mining, it is going to become the biggest determiner of who succeeds in the food sector.
However, the reach of Amazon is not expected to just be in the aisles. Food makers need to be aware of some intense competition. Amazon will want to sell customers its own food. It already has many items of its own such as pet food and batteries. Additionally, its latest acquisition, Whole Foods, already has its own products.
Amazon Could Start a Price War.

If Amazon manages to get a foothold in the grocery sector, they will have major sway on pricing. Major retailers such as Target and Walmart will need to grow their competitiveness if they do not want to lose customers.
Walmart has been one of the biggest threats to the supermarket industry for years. The chain began expanding into groceries in a bid to grow foot traffic to the general merchandise and clothing aisles. Soon after, Target followed with a grocery section. Today, entrants such as Lidl and Aldi are revamping the grocery aisles with organic and specialty products such as gluten-free products at low prices. The result is that the grocery sector has become hyper competitive.
Amazon Has Never Been Afraid to Make Losses.
In the past Amazon has used a strategy where they make losses for years because of low prices until they finally emerge the leader. This strategy has worked in the past, and there is no reason it will not work with this deal.
Other Players Need to Wake Up.

The major grocers will need to re-examine their strategy carefully. Some of the biggest players such as Kroger have seen their stock drop after the Amazon deal was announced. However, the new deal by Amazon is not expected to eliminate all other players. Differentiated players such as Publix and Wegmans will not lose much. Players who are not differentiated and weak will likely not last. The result is that it could lead to a flurry of buying activity as these players seek to exit the market.
For now, the consumers are going to be the biggest winner. When consumers go shopping, they can expect to have more cash in their pockets. Besides that, they could see a larger assortment of exclusive products, which is the approach that German stores are using. Besides that, Amazon being so tech savvy could totally change the grocery buying experience.
Over the long term, it is hard to determine what will happen. However, some consumers are already worried about what will happen when Amazon controls a major chunk of the market. Judging from past mergers, it is not likely to be good news for final consumers. The result is that prices stagnate or they
The Deal Will Be a Game Changer for Retail.

It is now just a question of when Amazon’s effort will begin to be felt in the grocery sector. By buying Whole Foods, it will be able to expand online grocery delivery based on its existing network. However, Amazon is not new to the grocery sector. It has Amazon Fresh, which serves a few markets such as Chicago, New York, Los Angeles, and San Francisco.
Its presence will force others to up their game to stay afloat. However, it is a long shot to say that Amazon will wipe them out. The grocery sector is diverse and fulfilling everyone’s needs could take quite a while. However, it is quite clear that anyone who wants to survive will need to tighten his or her game.

It’s Time To Break Up With Break/Fix

Are you wasting money with Break/Fix IT services, like so many other businesses today? There’s a better way: Managed Services.

Having the right tech is no longer a choice when it comes to running a business. Up-to-date hardware, software, and security solutions are now essential to your day-to-day operations.
Without ongoing support to keep your business tech running smoothly, you’re simply wasting your money, and setting your business up for serious downtime. You’ll be vulnerable to huge repair costs when you’re forced to call in a tech to fix things. In this scenario, just a small problem can quickly become a very costly one.
By choosing an expert provider to be your outsourced IT department, handling your entire IT environment, you can save money, increase efficiency, and enjoy a better end-user experience.
So, what’s the difference between Break/Fix and Managed Services?
Break/Fix service is the traditional style of outsourced IT services, which works by fixing your computers once they’re broken. In a nutshell, when something goes wrong — data loss, hardware failure, virus, etc. — you then get in touch with your Break/Fix support provider, and have them fix it. The break-fix strategy no longer works for businesses today.  If you still use this method of IT service, you risk downtime that can literally shut your business down.
With Break/Fix Services:

A tech typically charges by the hour. This encourages him to focus on billable hours. It doesn’t benefit him if your tech is working the way it should. You could find yourself repeatedly calling them to help with a problem that never quite gets resolved.
A minor computer problem can quickly turn into a disaster. This is especially true today with the increase in cyber crime like ransomware. What starts out with just one malicious email can spread throughout your entire network, locking down your data, and your operations.
It could take days to fix your problem – in the meantime, your employees won’t have access to the data they need to continue working. You’re simply “bleeding money” by the minute.
Your support provider starts charging you after you’ve already lost work time – time spent on repairs or updates can add up fast.
It’s impossible to predict how much to budget for IT services. You can’t know what will happen or how expensive it might be.

The difference between “break-fix” and fully managed support?  Break-fix provides on-site repair after a problem is identified, whereas fully managed support provides ongoing maintenance, updates, and more to prevent problems from occurring in the first place.
Managed Services — a set of best practices, processes, and tools that, when combined with technical knowledge and proper facilitation, delivers an ideal result for businesses — is the modern model for IT support, offering a range of vital solutions to your business all for one monthly rate. With fully managed support, you know that your business technology and data are protected 24/7:

You can finally focus on running your business and not on IT worries. Your third party support provider will minimize or eliminate downtime that could hit your bottom line.
Your tech support can be provided remotely without a technician visiting your office. There will be instances that require in-person care, such as hardware replacement. However, most of what affects your day-to-day operations can be worked on remotely.
You’ll benefit from a flat-rate payment model, allowing you to budget your tech more effectively. You’ll be able to plan for growth far more easily and with greater peace of mind.
Tech maintenance from a third party is more cost-effective than relying on break-fix solutions, especially when you consider the lost revenue from downtime.

Think of it this way: while a Managed Services Provider is available around-the-clock, and compensated through your (and other clients’) monthly flat rate, Break/Fix service is unpredictable when it comes to costs and repair times.

A Break/Fix approach may be a lower cost on paper but it can get expensive rather quickly – which means your overall ROI isn’t as great as it could be.
Managed Services are designed to maximize your budget and provide the support and solutions you need to stay focused on your important work and keep under budget.

The reality is that remote tech support will always be more cost effective than hiring break/fix, or in-house technicians. The choice is easy: more expensive, inconsistent, unreliable break-fix services? – Or reliable, affordable, fully managed support that provides:

24/7/365 Services
Increased operational efficiency
Increased productivity
Up-to-date IT solutions
Security patches and alerts
Backup and Disaster Recovery Solutions
Minimized downtime
Enterprise-level solutions and support
Controlled IT costs
The ability to focus on what you need to do
Peace of mind

Make {company} your outsourced IT department right away – blend all your computer networking support and services with all your hardware for even more monthly savings.
Have questions? Contact us at {email} or {phone}.

Understand the GDPR Compliance Requirements

GDPR regulations for Europe go into effect very soon, but is your organization ready for the rigor required by these standards?

Recent cyber attacks have technology leaders throughout the world reviewing their security requirements, but the European Union is already a step ahead. Their upcoming GDPR, or General Data Protection Regulation, defines data security and risk requirements for organizations doing business in the EU. Businesses with customer interactions in the EU are scrambling to ensure that they meet or exceed the stringent data protection requirements before the Spring 2018 deadline for compliance, especially since non-compliance brings stiff fines and penalties to your business. The GDPR seeks to hand control of their data back to individuals, requiring organizations to be more proactive in proving that they have total control over the consumer data in their safekeeping. Understanding the key GDPR compliance requirements for your business is a critical step to continuing to do business in Europe, but business owners may be confused about which regulations apply in their specific instance.
More About GDPR
In April 2016, the European Parliament made a landmark decision that will have a far-reaching impact on how organizations store and manage customer data throughout the world. The GDPR (General Data Protection Regulation) regulates how companies protect the personal data of European citizens. Lack of compliance by Spring 2018 can have a serious impact on your bottom line, with stiff fines and penalties imposed by the EU. The regulation aims to provide a more uniform and consistent approach to the storage and security of data across nations in the European Union through required consent, data breach notifications, anonymization of data, safe data transfers and additional regulatory agencies. The regulation targets all organizations that do business in the European Union and includes a variety of requirements, including the hiring of a specific data protection officer who is expected to be fully independent both of upper management and IT.
Steep Non-Compliance Penalties
While organizations in the U.S. are used to the potential of opting out of specific legal requirements, the GDPR guidelines are required or a business faces the consequences of their actions. The fines are significant — up to 4 percent of a company’s global annual turnover or up to 20 million Euros. The recent malware attacks on large organizations have left whole industries feeling vulnerable to attack, making it even more important that the GDPR requirements be followed precisely. According to a recent cybersecurity report from Cisco, average organizations today are facing tens of thousands of security events each week, with large and vicious attacks potentially reaching around the world in only a few hours. There are a variety of activities that could be considered non-compliant, including breaches of the data protection principles, customer or employee rights, conditions for consent and even international data transfers.
Compliance Oversight
Penalties can be imposed by data protection authorities, who have the power to physically obtain access to your company’s premises to carry out audits. Organizations of all sizes will be required to provide information upon request. Part of what the audits are looking for is a clear trail of freely-given consent, such as a written statement from an individual stating their agreement to the processing of their personal information. Individuals are able to easily withdraw their consent, and the burden of proof rests with the organization to prove that consent has been provided. This more aggressive approach to customer data is likely to cause challenges for businesses in the U.S. that are used to relatively freewheeling marketing practices.
Data Breach Response
There are expanded rules around the reporting of data breaches, requiring that all incursions be reported within a maximum of 72 hours. Employees must be trained in responding to a serious data breach, with the designation of specific responsibilities and roles within the organization. Fortunately, GDPR allows encryption as an appropriate way to achieve the goal of compliance. This relatively inexpensive option is very powerful and widely available and may allow your organization to skip notification to data subjects if it is determined that the personal data is unintelligible. Having clear policies and tested procedures in place is critical to ensuring that your organization can quickly react in the event of a data breach.
Required Documentation
Part of ensuring that you have full compliance from all individuals with the data your organization gathers is to tightly document approvals. Personal information that is shared across international lines is subject to additional audits. With the updated ruleset, organizations carry the entire burden of proving how personal data is processed and stored, and that it is documented as being fully compliant with GDPR requirements. Since consent can be quickly and easily withdrawn, organizations are looking for ways to ensure a clear path to legitimizing processing activity. One portion of these regulations that organizations will not be pleased with is the absolute right to prevent direct marketing. Businesses have long relied on direct marketing to communicate directly to individuals with only a passing familiarity with the business, but these more stringent rules require that individuals who have opted-out of marketing be aggressively added to an in-house suppression list or risk non-compliance fines.
Mixed Reactions
While the stringent new regulations may seem overwhelming to a business, there are some definite benefits to this direction. The EU has effectively consolidated the processing rules of each member-nation to form one set of standards, reducing variation. Additionally, having only one organization in charge of audits and compliance with the NDPA is considered to be a positive move. On the negative side, businesses are picking up more responsibility and may need to invest in organizational and technical measures that may require the redesign of systems and processes — and will almost certainly require additional staff to assure full compliance with requirements.
Understanding the new GDPR compliance requirements for your business can be challenging. Fortunately, at {company} in {city}, we have been studying the effects of these new regulations. We stand ready to help with execution — contact us today via email to {email}, or call {phone}.